Sonicwall NSA250 Content Filtering

We have implemented a new Dell Sonicwall NSA 250M. It has 2 WAN connections, setup for failover. When one WAN goes down it WILL NOT automatically switch over to the other one so long as it detects the network cable is still plugged in. IT has to be unplugged before it will switch. (This is issue #1)

We have also enabled content filtering, via local users and LDAP. Connection is good to LDAP, as we can sync groups, and apply certain CFS policies to each group, with a DEFAULT policy still configured (supposedly for anyone who doesn't authenticate to LDAP). However, under Users>Status, not all users are showing up. Sometimes 4-5 users show up, other times 19-20 show up. There should be consistently about 30-40 users at any given time throughout a work day. So I don't think this is working correctly...

Also, with content filtering enabled like this, Our Scan-to-Email from a Konica Minolta BizHub gets blocked... Not sure why. It should get the default policy. I have tried adding its IP to the CFS exclusions list, but to no avail... Please help! Any info would be great.

We don't specialize in SonicWall, a client bought it on their own, and I need some serious help getting it to work correctly.

Thanks!
RedWaveITAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Aaron TomoskySD-WAN SimplifiedCommented:
1. wan failover - I'll assume you are using the routing section with "Disable route when the interface is disconnected" (the default). what you need to do is create/enable a probe for the link. Without the probe, it just looks to see if the interface is up.

2. content filtering - users only show up when they auth and they will only auth when they try to hit something that requires auth (something you are blocking). use the sso section to automatically auth users from radius/ad logs/browser/etc...Personally I have good success with the dc logs method (run the directory connector on a member computer somewhere).

3. scan-to-email - after you get the directory connector up, assuming the konica logs into a fileshare or something that will register in your dc, you can assign it's user permissions for CFS. If you need to do the ip, there are a few boxes that have to all be checked for it to work right. Let me know if you can't get it working with a user and we can go from there. I'd need to see screenshots of the CFS setup page for your specific firmware as they have made changes recently.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Pintanin DuttaCommented:
issue 1:
i>Under Network>Failover & LB, Enable Respond to Probes.
ii>Click on configure button for Default LB Group, go to Probing tab and disable Probe responder.global.sonicwall.com on all interfaces in this group checkbox if enabled.
iii>Expand the Default LB Group and configure the WAN interfaces individually, select Logical/Probe Monitoring enabled and Probe succeeds when either main or alternate target responds, configure main and alternate targets with icmp and configure hosts as external DNS IP addresses like 8.8.8.8 or 4.2.2.2.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.